Skip to main content

Single sign on (SSO)

Updated this week

Single sign-on

Ease logging in and up security with SSO.

In this Article

What is SSO?

Single Sign-On (SSO) is an identification method that enables users to log in to multiple applications and websites with one set of credentials.

This brings additional security and easier management of user credentials. And you don't need to update your password for each tool every time you need to update it.

Which providers are supported?

We support Microsoft Azure integration. In case you need another provider — please, let your account manager know. New providers will be added in order of frequency of requests.

Technical Requirements

Email address matching: Apsis One authenticates users based on their email address, not a User Principal Name (UPN) or user ID. This means:

  • The user must exist in Apsis One with the exact same email address used for authentication in your identity provider (Azure AD)

  • If your Azure AD configuration uses a different identifier (such as UPN), ensure the email address attribute matches what is configured in Apsis One

If you're unsure about your Azure AD email configuration, consult with your IT department before enabling SSO.

How does it work?

Each user account that exists in both Azure and Apsis One, identified by the same email address, can log in to Apsis One without an additional login page.

Important: SSO is enabled based on the email domain used to log in to Apsis One, not the Apsis One account itself. This means:

  • Users with email addresses from your company's domain (e.g., @yourcompany.com) will be required to authenticate via SSO

  • External users (e.g., consultants or contractors) who log in with email addresses from domains not owned by your organisation can still access your Apsis One account using standard login credentials (email and password)

Enable SSO with Microsoft Azure

Steps required for your Apsis account to enroll to SSO using Microsoft Azure require collaboration between your IT department and us and are as follows:

  1. Create an application in your Azure Active Directory following this quickstart. Use the following configuration details:

    Platform: Web

    Redirect URLs (more URLs can be entered after you first save the application):


  2. Prepare the following credentials and contact our customer service at customerservice.apsis@efficy.com to ask for a secure way to transfer them to us:

    • Tenant ID

    • Application ID

    • Client secret

    • Credential expiration date

    • Your IT contact name and email (we will reach out for credential renewal)


    Security consideration
    Do not send us any credentials before contacted by us. We will suggest a secure way to transfer them.

  3. Give us the user emails that will be used for testing. They must exist in both Azure and Apsis One.


  4. We will create an SSO integration on our side and enable it for your test users. We will also provide you with an approval link.

  5. Using our link, your Azure AD admin approves the application to access "Sign in and read user profile".


  6. After that, the test users should be able to log in to APSIS One using SSO and their Azure credentials.


  7. After all the testing is finished, let us know and we will enable SSO for all the account users.


How to maintain it?

You need to rotate Apsis credentials periodically (expiry date and frequency depend on your settings in Azure). We will ask you to provide a new set of credentials in advance.

FAQ

How to add a new user?

Add a new user on both sides: the identity provider and Apsis One. Don't forget to configure user access on the Apsis side.

How to delete a user?

You can delete users on Azure's side - it will disable login to Apsis for this user. We recommend you deactivate the user on the Apsis side as well, to prevent logging in in case you disable SSO one day.

Can my external contractors use Apsis One on my behalf while SSO is enabled?

Yes, external users can still access your Apsis One account. SSO applies only to email domains that you own and have configured for SSO. Users logging in with email addresses from other domains (e.g., external consultants or agency partners) will continue to use standard login credentials (email and password).

Example: If your company domain is @yourcompany.com and you've enabled SSO, your employees with @yourcompany.com emails will use SSO. An external consultant with an @consultingfirm.com email can be added to your account and will log in using the traditional email/password method.

What happens when a new SSO user is added to the account?

When you add a new user to Apsis One who will authenticate via SSO, they will receive the standard account activation email. This email includes instructions to create a password.

For SSO users: The password creation step is not required. SSO users can skip this step and proceed directly to log in using their SSO credentials at app.apsis.one. The activation email simply confirms their account has been created.

Note: While account activation is optional for SSO users, we recommend they complete the profile setup to ensure all user details are correctly configured.

Email invitation example:

Should I pay for it?

It is an additional feature for our users. SSO is included in the Grow plan, for pricing options for Send and Automate, please reach out to customer service.

Did this answer your question?